According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610, to help white hats that need essential malware analysis skills and also to prepare security professionals for the GIAC Reverse Engineering Malware (GREM) certification. SANS describes FOR610, as:

“Teaches a practical approach to examining malicious software that runs natively on Microsoft Windows, and covers web-based malware such as JavaScript and Flash files. You will learn how to reverse-engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out.”

In my work as a Security Engineer, I am frequently asked to analyze web sites and file downloads for potential infection. This course filled both a professional need and personal interest need for me in malware analysis. After attending the 4-day course (now officially a 5-day course) at SANS Security West 2010 in San Diego, I sat down with the course author and instructor, Lenny Zeltser, to discuss his background, the course and malware analysis in general.

Nice interview.. GREM is certainly something on my list I'd like to go for sooner or later. However, what I often wonder is why I so often read something like 'no programming knowledge required' or the other way round, that security professionals ask if programming skills are required for a certain course or exam. Of course there are areas in security where one have more or less to deal with programming, however, I think that a security professional should have some kind of programming knowledge, independently on the area one has focused to.

Last edited by UNIX on Sat Jul 03, 2010 2:42 pm, edited 1 time in total.

awesec wrote:Nice interview.. GREM is certainly something on my list I'd like to go for sooner or later. However, what I often wonder is why I so often read something like 'no programming knowledge required' or the other way round, that security professionals ask if programming skills are required for a certain course or exam. Of course there are areas in security where one have more or less to deal with programming, however, I think that a security professional should have some kind of programming knowledge, independently on the area one has focused to.

It really depends on what you define as programming knowledge. I can read enough of it to undestand what most routines do, but could I write a realtion databgase management system or other complex application from scratch? Absolutely not. What SANS and Lenny are trying to say by that statement is that you don't need to be a developer or have completed a prgramming degree to take the course or gain a weatlh of knowledge from the course.

Nice interview. I think that as much as this interview was on Lenny's views on malware analysis, it also focused on what resources, apart from the course, would help a complete beginner to get started in this field. Lenny shared some good links.

Last edited by Xen on Mon Jul 05, 2010 11:30 am, edited 1 time in total.

Good interview! I've been checking out Lenny's website quite a bit lately and would love to take his course. My job doesn't require it and won't pay for it, so it'll be awhile before I can afford to go. It's more of a personal interest than anything. I recommend watching the intro to malware video available on his website, it really gives you a great idea of how to start.